Joomla excessively utilizes session cookies for user tracking, hit counting, statistics and more. This can upset cookie-aware users and therefore undermine your credibility, especially if you're running sites promoting data thriftiness (sounds awful in English... "Datensparsamkeit" in German - does anyone know a better translation? :) )
Following I will describe how to avoid all cookies for normal visitors and still have front end login.
// setcookie( $sessionCookieName, '-', false, '/' );
Because of a set POST/GET parameter named "force_session", a user session will be started anyway in the code further down if someone logs in. This parameter is set in the standard login module. If you use your own login module, just add this parameter!
Additional: Comment out line 25 in /offline.php: // session_start(); This seams to be an artifact of old versions. It really doesn't make sense to me, to start a PHP session in this file, particularly because Joomla uses its own session mechanism...